MasterCard reveals biometric plans for password-killing protocol
MasterCard has outlined plans for a new authentication standard designed to end the use of passwords in online payments, saying that the protocol could be released as early as next year.
The firm says the new standard, which is being developed in cooperation with Visa, will move security infrastructure beyond the PC era, “supporting emerging technologies and changing consumer needs”.
The new protocol could be adopted in 2015 and will gradually replace the current 3D Secure protocol. “[R]icher cardholder data … will result in far fewer password interruptions at the point of sale”, said MasterCard.
In the event that an authentication challenge is needed, cardholders will be able to identify themselves with the likes of one-time passwords, or fingerprint biometrics, rather than committing static passwords to memory.
“All of us want a payment experience that is safe as well as simple, not one or the other. We want to identify people for who they are, not what they remember. We have too many passwords to remember and this creates extra problems for consumers and businesses,” said Ajay Bhalla, President of Enterprise Security Solutions.
In addition to the new protocol, MasterCard also noted other steps towards a password-free environment that included trials of facial and voice recognition apps, and of a wristband which authenticates a cardholder through their unique cardiac rhythm.
As reported by Planet Biometrics in October, MasterCard is working with Norwegian firm Zwipe on a credit card featuring a fingerprint scanner.
The company is also working with Bionym and the Royal Bank of Canada on trials of the former’s Nymi wristband, which uses cardiac rhythms to authenticate users.